MEMORANDUM FOR THE RECORD

FROM:       Programs Development Branch, ISSG
            Operations Evaluation Branch, ISSG

SUBJECT:    Briefing of two members

REFERENCES: ODP 81-462/ dtd 10 April 1981
            ODP 81-566, dtd 1 May 1981

1. On 6 May 1981, from 1315 to 1445 hours, subjects were
provided an informal briefing of specific areas of interest in
the Information Systems Security area as they relate to the
current efforts of the [ ] to develop and implement a large
computerized system [ ]. In essence, we shared with them
some specific security suggestions/recommendations which could be
useful in their efforts to develop this new system. Reference
(attached) provides background information regarding the system
plans, configuration time schedules, etc. Hardware and software
vendors were unknown at this time.


2. Attachment II reflects the viewgraphs used in this
presentation. We skimmed over the Physical/Personnel security
portion of our outline in that we discovered early on that they
were more interested in the systems security area than in the
physical or procedural areas (although they did take notes in
areas of tape/disk control, concerns in maintenance area, output
controls, etc.).

3. Areas of particular interest included desired hardware
and software features involving selective access to system(s);
logging all attempts to access; memory and magnetic media
sanitization, user identification, and event log inspection. Also
included were security testing and theft and copy protection. We
pointed out to them that they were fortunate to be considering
these security issues early on in that it is much easier to
design in security features (via statement of work/RFP, etc.)
than trying to retrofit after a system is "on the air".

4. We provided our guests with one copy of the Willis Ware
Report (reissued 1979 - unclassified) published by RAND Corp
entitled "Security Controls for Computer Systems"; and another
paper (FREY - unclassified) outlining general security requirements
we would like to see in computer systems processing multi-

NOTE: At no time did we mention specific
information (e.g., system specific password
thresholds) which would be particularly sensitive from a
counterintelligence standpoint.


5. Our remarks generated lively exchange of ideas in areas 
mentioned. Our suggestions included: 

- Separation of I/O from main computer center (to
  control access)

- Strict tape/disk (incl floppy) control

- Software terminal disconnect features

- On Line audit (by exception)

- Use of SMF (if IBM system) for auditing

- Memory clear

- Restricted Memory dumps

SYSTEMS SECURITY

Computer Center Access
Physical/Personnel Security

- Center - Open vs. Secure

- Access Control/Badge System

- Control of Maintenance Personnel

- Tape/Disk Library & Control

- Personnel Staffing and Checks

- IBM 3350 Fixed Disk Problem

Physical Switch
Power Down

Remote Terminal Operation

- Located in Secure/Unsecured Areas?

- Terminals w/Buffer Memory

- Software Features to Disconnect

- Audit Trail for User Management

- Terminal - Input/Output

Classified Labels - I/O

- USERID/Password Protection Mechanisms

Procedural

- Tape I/O Control

- Output Controls

- Floppy Disks

- Diagnostics

System Security

- Main Memory Overwrite

- Automatic Terminal Disconnect 

- Lock Out Terminal Feature 

- Role of SMF Data for Auditing 

- ACF-2 

Personnel Security 
Threat 

- Problem - Cases - History 

- Government and Industry - What Does Evidence Show? 

OTHER TOPICS

Contract Efforts

Test Methodology

Audit Trail Efforts

Contract to Study HSTS/Audit

Authentication Developments
Signature Verification

Palm Prints


Approved For Release 2003/11/06 : CIA-RDP84-00933R000300340017-6 



